login typo3
| Recommend this page to a friend! |
| PHP HTTP protocol client | > | All threads | > | login typo3 | > | (Un) Subscribe thread alerts |
| |||||||||||||||
| 1 - 10 | 11 - 11 |
 Karl Masche - 2007-07-21 21:58:03The login stop somewhere!
S HTTP/1.1 200 OK S Date: Sat, 21 Jul 2007 21:55:27 GMT S Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8c S Set-Cookie: be_typo_user=11656661c14fc8fbb8ccc2f75c52b1c2; path=/ S Expires: 0 S Last-Modified: Sat, 21 Jul 2007 21:55:28 GMT S Cache-Control: no-cache, must-revalidate S Pragma: no-cache S Content-Length: 1043 S Content-Type: text/html S any idea to solve it! Thanks in advance.
 Manuel Lemos - 2007-07-21 22:30:49 - In reply to message 1 from Karl MascheThis is vague. I don't know Typo 3. So I don't know what is not working, as I have no idea what should be like when it is working.
Can you please be more explicit and tell what exactly are you trying to do and what happens that makes you think it is not working?
Karl Masche - 2007-07-22 20:44:27 - In reply to message 2 from Manuel LemosIf you like to build a sample system, simply download typo3 Version 4.1
from typo3.org and install this CMS at a webserver or at a server. When you installed you could go to the admin section with yourdomain.com/typo3. I like to do the loginautomatically with your class to develop some typo3 extensions easy. You could install it on any webserver, xampp, websphere and other (http://localhost/typo3). I won't know if this login is only a http request, I guess it is some additional and the login stop. Typo3 is a configuration CMS script. It uses some php classes to configure a website easy.
Manuel Lemos - 2007-07-22 21:36:57 - In reply to message 3 from Karl MascheRight now I do not have time because I am going on vacation in just a few days. If you have a site with that system ready to test and simple login script that I can see what you are trying to do, I may take a quick look and see if I can find a solution now. Otherwise, I will only be able to see that in 3 weeks.
Karl Masche - 2007-07-23 15:47:08 - In reply to message 4 from Manuel LemosI have a ready website with this, but this side is not secure to put it at a forum.
I have a other side found where you could have a look how it is: ccue.ac.uk/typo3/index.php (This is not my side, only a sample)Its all the same with typo3. You will find the login at this url. http://www.yourdomain/typo3/index.php You will be redirected to yourdomain/typo3/alt_main.phpAs you see you need cookies and javascript. The part for login is with javascript, not with php. If you download the typo3 you will find these files. I guess the solution is to handle the javascript. Is this independent with http request (java or php or asp or html)! I wish you some nice vacation time. Are you leaving your country for vacation! I don't have vacation this year. Its okay if you have a look after your vacation on this topic, I guess it need some additional time.
Manuel Lemos - 2007-07-23 17:02:34 - In reply to message 5 from Karl MascheI may still try it, if you provide me ASAP the script you are using to try to login in that site, so I can try to reproduce your problem.
Karl Masche - 2007-07-23 18:37:36 - In reply to message 6 from Manuel LemosI use this script:
<br>Here is a code I am using: <br><b>194.145.226.29</b> <? require("http.php"); set_time_limit(0); $http=new http_class; $http->timeout=0; $http->data_timeout=0; $http->debug=1; $http->html_debug=1; $http->follow_redirect=1; $http->user_agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"; $url="http://www.bildungsinstitut.net/typo3/alt_main.php"; $error=$http->GetRequestArguments($url,$arguments); $arguments["RequestMethod"]="POST"; $arguments["PostValues"]=array( "login_name" => "admin", "passwd" => "lemos" ); $error=$http->Open($arguments); if($error) die($error); $error=$http->SendRequest($arguments); if($error) die($error); $headers=array(); $error=$http->ReadReplyHeaders(&$headers); if($error) die($error); ?> <hr color="red"> <pre> Here is the script output: Resolving HTTP server domain "www.bildungsinstitut.net" Connecting to HTTP server IP 194.145.226.29 Connected to www.bildungsinstitut.net C POST /typo3/alt_main.php HTTP/1.1 C Host: www.bildungsinstitut.net C User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) C Content-Type: application/x-www-form-urlencoded C Content-Length: 28 C C login_name=admin&passwd=lemos S HTTP/1.1 200 OK S Date: Mon, 23 Jul 2007 18:07:36 GMT S Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.8c S Set-Cookie: be_typo_user=4fe9e11fe7611a2c7b7181e72b66c53e; path=/ S Expires: 0 S Last-Modified: Mon, 23 Jul 2007 18:07:36 GMT S Cache-Control: no-cache, must-revalidate S Pragma: no-cache S Content-Length: 1043 S Content-Type: text/html S
Karl Masche - 2007-07-23 18:40:00 - In reply to message 6 from Manuel LemosI use a second script, a modification of the yahoo_user.php script
to login with typo3! I tried the yahoo_user.php with my yahoo account but it failed.
Karl Masche - 2007-07-23 18:49:45 - In reply to message 6 from Manuel LemosI have seen the other messages with this forum and take that
what is relevant to the typo3 script. I could upload the index.php and the alt_main.php but the index.php have 700 lines, the alt_main.php 560 lines. At the alt_main.php is a login_frameset.php. At the index.php I found a checkRedirect(). This is the main part of the index.php: function main() { global $TBE_TEMPLATE, $TYPO3_CONF_VARS, $BE_USER; // Initialize template object: $TBE_TEMPLATE->docType='xhtml_trans'; // Set JavaScript for creating a MD5 hash of the password: $TBE_TEMPLATE->JScode.=' <script type="text/javascript" src="md5.js"></script> '.$TBE_TEMPLATE->wrapScriptTags(' function doChallengeResponse(superchallenged) { // password = document.loginform.p_field.value; if (password) { if (superchallenged) { password = MD5(password); // this makes it superchallenged!! } str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value; document.loginform.userident.value = MD5(str); document.loginform.p_field.value = ""; return true; } } '); // Checking, if we should make a redirect. // Might set JavaScript in the header to close window. $this->checkRedirect(); // Initialize interface selectors: $this->makeInterfaceSelectorBox(); // Replace an optional marker in the "Administration Login" label $this->L_vars[6] = str_replace("###SITENAME###",$TYPO3_CONF_VARS['SYS']['sitename'],$this->L_vars[6]); // Creating form based on whether there is a login or not: if (!$BE_USER->user['uid']) { if ($this->loginSecurityLevel == 'challenged') { $TBE_TEMPLATE->form = ' <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(0);"> '; } elseif ($this->loginSecurityLevel == 'normal') { $TBE_TEMPLATE->form = ' <form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;"> '; } else { // if ($this->loginSecurityLevel == 'superchallenged') { $TBE_TEMPLATE->form = ' <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(1);"> '; } $TBE_TEMPLATE->form.= ' <input type="hidden" name="login_status" value="login" /> '; $loginForm = $this->makeLoginForm(); } else { $TBE_TEMPLATE->form = ' <form action="index.php" method="post" name="loginform"> <input type="hidden" name="login_status" value="logout" /> '; $loginForm = $this->makeLogoutForm(); } // Starting page: $this->content.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']); // Add login form: $this->content.=$this->wrapLoginForm($loginForm); // Ending form: $this->content.= ' <input type="hidden" name="userident" value="" /> <input type="hidden" name="challenge" value="'.($challenge = md5(uniqid('').getmypid())).'" /> <input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL).'" /> <input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh).'" /> '.$this->interfaceSelector_hidden.' '; // Save challenge value in session data (thanks to Bernhard Kraft for providing code): session_start(); $_SESSION['login_challenge'] = $challenge; // This moves focus to the right input field: $this->content.=$TBE_TEMPLATE->wrapScriptTags(' // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame: if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) { document.loginform.username.value = parent.opener.TS.username; } // If for some reason there already is a username in the username for field, move focus to the password field: if (document.loginform.username && document.loginform.username.value == "") { document.loginform.username.focus(); } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") { document.loginform.p_field.focus(); } '); // End page: $this->content.=$TBE_TEMPLATE->endPage(); }
Manuel Lemos - 2007-07-24 06:08:10 - In reply to message 7 from Karl MascheThis login page uses some Javascript code to generate MD5 hashes of the user name you enter, a colon, the MD5 hash of the password you enter, another colon and the value of a challenge field.
What you need to do is to open the login form page, parse it using regular expressions to retrieve the challenge and the PHPSESSID values that are stored in hidden fields. Then you emulate the challenge response computation with equivalent operations in PHP and submit a POST request to the form submission page. Take a look at the page HTML and notice the doChallengeResponse to check how the challenge response is computed. |
| 1 - 10 | 11 - 11 |
